Re: One-Time passwords for regular user accounts?
- From: Unruh <unruh-spam@xxxxxxxxxxxxxx>
- Date: 29 Apr 2006 18:07:49 GMT
Carlos Moreno <moreno_at_mochima_dot_com@xxxxxxxxxxxxxx> writes:
John Thompson wrote:
I wonder if there is a way (a standard way, that is) to setup
one-time passwords for logging in to a Linux box (through SSH).
Search google on "opie" (one-time passwords in everything) and "S/KEY"
Hmmm... The information seems a bit scarce. But still, from one of
the descriptions I read, it seems to be resistant to sniffing attacks,
and not to key loggers. But using SSH -- which I do -- makes me
already impervious to sniffing.
No, it is also resistant to key loggers.
The key is never reused, so who cares if they got the current key. It will
never again work.
My concern is that I do not trust the keyboard where I'm typing my
password -- that's why I would like the server to have a list of
passwords ready to use, and as soon as one of them is used, it is
immediately removed from that list.
Precisely what Opie does, it ia more subtle and orgnaized fashion.
Am I getting it wrong?
You are getting opie wrong.
.
- Follow-Ups:
- Re: One-Time passwords for regular user accounts?
- From: Carlos Moreno
- Re: One-Time passwords for regular user accounts?
- References:
- One-Time passwords for regular user accounts?
- From: Carlos Moreno
- Re: One-Time passwords for regular user accounts?
- From: John Thompson
- Re: One-Time passwords for regular user accounts?
- From: Carlos Moreno
- One-Time passwords for regular user accounts?
- Prev by Date: Re: One-Time passwords for regular user accounts?
- Next by Date: Re: One-Time passwords for regular user accounts?
- Previous by thread: Re: One-Time passwords for regular user accounts?
- Next by thread: Re: One-Time passwords for regular user accounts?
- Index(es):
Relevant Pages
|
